A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_6 2025-09-30T12:54:59+00:00 2025-09-30T12:54:59+00:00 tb 2025-09-30T12:54:59+00:00 urn:sha1:2357352b8d9b0c6ac07e7240d0660f70c8d38da2 cms_RecipientInfo_pwri_crypt: plug leak of kekalg cms: fix incorrect length check in kek_unwrap_key() An incorrect length check can result in a 4-byte overwrite and an 8-byte overread. From Stanislav Fort and Viktor Dukhovni via OpenSSL. CVE-2025-9230. ok jsing this is errata/7.6/023_libcrypto.patch.sig 2024-09-22T14:59:48+00:00 tb 2024-09-22T14:59:48+00:00 urn:sha1:e58cba35ab15d6597f0c9cd8d6fba1928ade3acf From Kenjiro Nakayama Closes https://github.com/libressl/portable/issues/1097 2024-09-20T02:00:46+00:00 jsg 2024-09-20T02:00:46+00:00 urn:sha1:bd425e27ad9c9e978ee7a877656733f4742e01cc 2024-09-09T07:40:03+00:00 tb 2024-09-09T07:40:03+00:00 urn:sha1:ff309a8343aabbb4675e666bacf197d8838061b4 We accidentally have two errors 235 since we didn't notice that OpenSSL removed the unused SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER and later that becamse SSL_R_NO_APPLICATION_PROTOCOL. Getting an "unsupported cipher" error when fiddling with ALPN is confusing, so fix that. ok jsing 2024-09-09T03:55:55+00:00 tb 2024-09-09T03:55:55+00:00 urn:sha1:47902b1741d383c06ea246859858115749b1c9b6 Only close_notify and user_cancelled are warning alerts. All others should be fatal. In order for the lower layers to behave correctly, the return code for fatal alerts needs to be TLS13_IO_ALERT instead of TLS13_IO_SUCCESS. Failure to signal handshake failure in the public API led to a crash in HAProxy when forcing the tls cipher to TLS_AES_128_CCM_SHA256 as found by haproxyfred while investigating https://github.com/haproxy/haproxy/issues/2569 Kenjiro Nakayama found misbehavior of ngtcp2-based servers, wrote a similar patch and tested this version. Fixes https://github.com/libressl/portable/issues/1093 ok jsing 2024-09-09T03:32:29+00:00 tb 2024-09-09T03:32:29+00:00 urn:sha1:461979ad807ebd887bb629ba3072f150b5390cd2 This is a small refactoring that wraps a direct call to the record layer's alert_sent() callback into a handler for upcoming reuse in the QUIC code. No functional change. ok jsing 2024-09-06T09:57:32+00:00 tb 2024-09-06T09:57:32+00:00 urn:sha1:de922e906737ea318d3a84723ec68b62581dd51c The OPENSSL_cpu_caps() change after the last bump missed a crucial bit: there is more MD mess in the MI code than anticipated, with the result that AES is now used without AES-NI on amd64 and i386, hurting machines that previously greatly benefitted from it. Temporarily add an internal crypto_cpu_caps_ia32() API that returns the OPENSSL_ia32cap_P or 0 like OPENSSL_cpu_caps() previously did. This can be improved after the release. Regression reported and fix tested by Mark Patruck. No impact on public ABI or API. with/ok jsing PS: Next time my pkg_add feels very slow, I should perhaps not mechanically blame IEEE 802.11... 2024-09-06T07:48:20+00:00 tb 2024-09-06T07:48:20+00:00 urn:sha1:546fb2f18abf0a6a44cd70ba838da81736c4583a X509_LOOKUP_by_subject() was made internal a while back. Its documentation was very detailed, so this was a bit of a tangle to undo. 2024-09-03T18:21:55+00:00 op 2024-09-03T18:21:55+00:00 urn:sha1:35c0b093dbb74ae99c7aeef7270b936c658f9294 2024-09-03T17:05:59+00:00 deraadt 2024-09-03T17:05:59+00:00 urn:sha1:ca5f6662533313cdb402c3ce9aaad36b9f6f4a86